@_ToXIc_ I would revert the change regarding bloat. That doesn’t impact what’s going on here and typically it’s best left alone. There are also debug logs for the agent

@Aus_Karlos You can also try to modify your existing WAN rule: Go to Firewall > Rules > WAN. Edit the rule that currently handles the traffic for port 443 to your server. In the Advanced Options section, set the "In/Out pipe" for outgoing traffic to use the Global_Limit_Out limiter.

Update: I deleted all the limiter and Wireguard profiles and set up both of them from scratch. Now they are working together happily. No additional firewall rules needed.

@N0m0fud I link to my post, basically it's a freebsd issue max 4gb/s https://forum.netgate.com/topic/189679/codel-not-applying-after-4gb-s/2

@Poli Oh I founded that, so BSD still didn't fix it ? https://redmine.pfsense.org/issues/12661 I guess the fix was an upgrade from 2gb/s to 4gb/s why so low? https://reviews.freebsd.org/D31582

@MaxRackstraw To better answer your throughput question the 1100 should top out around 400-500 Mbps I’d expect. If you don’t need packages that use lots of disk writes or RAM then it’s a fine little router. https://www.netgate.com/supported-pfsense-plus-packages

@SteveITS Thanks man. While you typed this, I set up a virtual server and tested in a sandbox..got it! [image: 1721329134845-fda705f3-a69e-4b65-9d88-296fdf82f207-image.png]

@ctrlbreak Can you post your queue config? If the wizard was used there is this issue for instance: https://forum.netgate.com/topic/166621/priority-of-qotherslow-higher-than-default

@Antibiotic Sometimes it is better to NOT make your connection better to other hackers.

@aweber Yes. I got fq_codel working on a bridge in OPNSense and pfSense, but there seems to be Free and Double free errors on the machine and maybe on my XGS-PON. I am using FTTH. I think the errors are from applications trying to negotiate various link speeds and IOTCL not knowing which way is WAN and LAN. I was also running sensei/zenarmor on the LAN and fq_codel on the bridge. I got hit by some mitre attack, binding public IPs to my bridge too. Perhaps DHCP and transparent DNS on unbound were to blame, as turning off DHCP seems to drop my link speed from 2.5gbps to 1gbps on my NBase-T NICs. This bit was never an issue with an AT&T router bypass. VLAN 0 stinks :) but at least OPNsense and pfSense recognize it. So can Mikrotik RouterOS devices. Is it "supported"? No. Should it only be done with TCP? Probably. What about D-TLS and direct memory access NICs? What about putting IGMP in traffic shapers? What about file descriptors on local device NICs? What should they be set to? I may go try out crowdsec one of these days. https://youtu.be/zGTzeWYfy8o?si=Bb9RuXeyHmwWzoh- Here is a maybe insightful video. (Wish I knew how to code :p)

@JonathanLee The config.xml seems fine, and I have double checked all my setting before I posted here, but thanks for the advise. In the Diagnostics/Limiter Info show the current bandwidth set it never changes when the Schedule does, I have tested doing speed test to make sure which Bandwidth is been used, as in my first post it only changes when I press save in Limiter settings. Thanks anyway.

@SteveITS said in Upload speed too low: https://docs.netgate.com/pfsense/en/latest/trafficshaper/vpns.html [image: 1715894843132-904ad7ca-0908-461d-8b0a-6ab741ff1f18-image.png] [image: 1715894863894-c9ce88fc-7357-42d5-b0ec-3dd880218406-image.png] [image: 1715894885433-1de6458e-3de6-4e9d-8a22-2887367d9548-image.png]

Use Floating with Match for Limiters and no quick. Try codel instead of tail drop in the Limiter itself.